[debian-mysql] Bug#843520: Bug#843520: Bug#843520: Bug#843520: mysql-server-5.5 cannot be automatically upgraded

Lars Tangvald lars.tangvald at oracle.com
Fri Nov 18 07:57:49 UTC 2016 


On 11/18/2016 08:00 AM, Lars Tangvald wrote:
> Hi,
>
> On 11/17/2016 06:02 PM, Jean Louis wrote:
>> I am sorry, that I filed bug in the wrong package, it was
>> unintentional mistake. It should be in mysql-server. And I know all
>> about specifics.
>>
>> In my case, there is nothing that I have changed in my Mysql
>> configuration from the plain install. That is why I filed the
>> bug. Otherwise I would look first on my side.
>>
>> And I was surprised it did not work, as I was used to the stability
>> and certainty when upgrading.
>>
>> I could not find the solution
>>
>> I was reading other bugs and I found:
>>
>> [mysqld]
>> secure_file_priv = /var/lib/mysql
>>
>> So I have put it in /etc/mysql/conf.d and now I got it working. Even I
>> don't even know what is it about, as being so lazy to read the
>> documentation. Sorry.
>>
>> Still I think it should not be like that, the upgrade should go
>> smooth, especially for databases. Nothing angers me, thank you for
>> putting attention. I am supporter of free software and use Debian on
>> remote servers.
>>
>> Jean Louis
> Hi,
>
> In this case, the server defaults to 
> secure_file_priv=/var/lib/mysql-files, and will require this directory 
> to be created.
> This is a big change to make in a stable release, but the old behavior 
> was a potential security risk, so we felt it was justified. The 
> upgrade _should_ have created this directory automatically, so if it 
> failed for you then there's probably something with your environment 
> we didn't account for. If you have any console logs or mysql error 
> logs from the update it would be good if you can attach them to the bug.
>
> One important note, however:
> The solution you note, setting secure_file_priv=/var/lib/mysql (the 
> data directory) is not a good one. You should either set it to NULL or 
> to a separate, empty directory owned by the mysql user.
>
> The secure_file_priv setting determines where the server is allowed to 
> read and write files using import/export operations. Setting it to the 
> same location as the database will mean that any user of your database 
> can get full access.
>
Correction here: You need the FILE privilege to use these operations.

--
Lars

More information about the pkg-mysql-maint mailing list